Advantage: nobody can read the backups but me
Disadvantage: I need to type a long passphrase at boot (twice)
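# prepare to enter a passphrase
# luksFormat destroys whatever is on the target: double-check that /dev/sda and
# /dev/sdb really are the backup/archive disks (lsblk) before running this.
# The cipher mode is given explicitly: a bare "--cipher=aes" is parsed by
# cryptsetup as aes-cbc-plain, whose predictable IVs are weaker than current
# defaults. XTS splits the key in two, so 512 bits here means AES-256.
cryptsetup luksFormat /dev/sda --cipher=aes-xts-plain64 --key-size=512
cryptsetup luksFormat /dev/sdb --cipher=aes-xts-plain64 --key-size=512
# verify device
cryptsetup isLuks /dev/sda -v
cryptsetup isLuks /dev/sdb -v
# dump metadata (just for information; check that the cipher shown is aes
# with xts-plain64, i.e. what was asked for above)
cryptsetup luksDump /dev/sda
cryptsetup luksDump /dev/sdb
# a damaged LUKS header makes the data unrecoverable even with the right
# passphrase, so keep a header backup somewhere off these disks, e.g.:
#   cryptsetup luksHeaderBackup /dev/sda --header-backup-file <path-off-this-disk>
# find uuid (so you can add them with uuid to /etc/crypttab)
cryptsetup luksUUID /dev/sda
cryptsetup luksUUID /dev/sdb
# create mapper devices
cryptsetup luksOpen /dev/sda encrypt-backup
cryptsetup luksOpen /dev/sdb encrypt-archive
# verify dm devices
dmsetup info
# mkfs (Wouter told me to use ext4 ;-)
mkfs.ext4 /dev/mapper/encrypt-backup
mkfs.ext4 /dev/mapper/encrypt-archive
# tune reserved space for root (2% instead of the ext4 default)
tune2fs -m2 /dev/mapper/encrypt-backup
tune2fs -m2 /dev/mapper/encrypt-archive
# mount (create the mount points first in case they do not exist yet)
mkdir -p /srv/encrypt-backup /srv/encrypt-archive
mount /dev/mapper/encrypt-backup /srv/encrypt-backup
mount /dev/mapper/encrypt-archive /srv/encrypt-archive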